Current on FuLoong unable to figure out system type
Installing current on a Yeeloong went rather smoothly. Fuloong 2F6004 is giving a bit more trouble and bsd.rd seems not to be able to identify the system type. What is needed to boot bsd.rd (with serial interface) on the FuLoong? Below is from the 17 feb snapshot.

/Lars

    ifaddr rtk0 11.22.33.44
    bootp=8000b968
    boot tftp://11.22.33.55/bsd.rd
    Loading file: tftp://11.22.33.55/bsd.rd (elf)
    (elf)
    0x8020/7007920 + 0x808aeeb0/481136(z) + 7402 syms\
    Unable to figure out model!
    Halting system.

===

After messing with the PMON settings

    set bsd /bsd
    set novga 1
    set nokbd 1

the error is a little different, but basically cannot find the system type:

    ifaddr rtk0 11.22.33.44
    bootp=8000b968
    boot tftp://11.22.33.55/bsd.rd
    Loading file: tftp://11.22.33.55/bsd.rd (elf)
    (elf)
    0x8020/7007920 + 0x808aeeb0/481136(z) + 7402 syms\
    WARNING! CORRUPTED ENVIRONMENT!
    Unable to search for systype.
    If the kernel fails to identify the system type, please boot it again with '-k' option.
    Unable to figure out system type!
    Halting system.
Re: Current on FuLoong unable to figure out system type
On Thu, Feb 18, 2010 at 10:47:42AM +0200, Lars Nooden wrote:

> Installing current on a Yeeloong went rather smoothly. Fuloong 2F6004 is giving a bit more trouble and bsd.rd seems not to be able to identify the system type. What is needed to boot bsd.rd (with serial interface) on the FuLoong? Below is from the 17 feb snapshot.
>
> /Lars
>
> ifaddr rtk0 11.22.33.44
> bootp=8000b968
> boot tftp://11.22.33.55/bsd.rd
> Loading file: tftp://11.22.33.55/bsd.rd (elf)
> (elf)
> 0x8020/7007920 + 0x808aeeb0/481136(z) + 7402 syms\
> Unable to figure out model!
> Halting system.
>
> ===
>
> After messing with the PMON settings
>
> set bsd /bsd
> set novga 1
> set nokbd 1
>
> the error is a little different, but basically cannot find the system type:
>
> ifaddr rtk0 11.22.33.44
> bootp=8000b968
> boot tftp://11.22.33.55/bsd.rd
> Loading file: tftp://11.22.33.55/bsd.rd (elf)
> (elf)
> 0x8020/7007920 + 0x808aeeb0/481136(z) + 7402 syms\
> WARNING! CORRUPTED ENVIRONMENT!
> Unable to search for systype.
> If the kernel fails to identify the system type, please boot it again with '-k' option.
> Unable to figure out system type!
> Halting system.

Retry with boot -k tftp://..., as suggested by the error message.

Also PMON sometimes gets confused, and a power cycle is needed (using the reset button is not enough in all cases).

-Otto
Re: OSPFd on Feb 17th 2010 -current Incompatibilities
Hi All,

On Thu, 18 Feb 2010 05:32:43 +0700, Claudio Jeker cje...@diehard.n-r-g.com wrote:

> On Thu, Feb 18, 2010 at 03:03:34AM +0700, Insan Praja SW wrote:
>> Hi Misc@,
>> Recently I updated one of my routers into current. We run OSPFd as an IGP for our network. The update went success, but OSPFd won't get synchronized. On the kernel-updated routers ospfctl sh neig shows:
>>
>> $ ospfctl sh neig
>> ID              Pri State        DeadTime Address         Iface     Uptime
>>
>> on dec 20 kernel routers shows:
>>
>> $ ospfctl sh nei
>> ID              Pri State        DeadTime Address         Iface     Uptime
>> 2ab.cde.fgh.229 1   FULL/DR      00:00:31 2ab.cde.fgh.6   vlan6     01w2d21h
>> 2ab.cde.fgh.226 1   DOWN/OTHER   00:36:21 2ab.cde.fgh.3   vlan6     -
>> 2ab.cde.fgh.227 1   FULL/BCKUP   00:00:31 2ab.cde.fgh.4   vlan6     01w2d21h
>> 2ab.cde.fgh.228 1   2-WAY/OTHER  00:00:31 2ab.cde.fgh.5   vlan6     -
>>
>> The router-ids are their loopback interfaces. Below are their configs.
>
> Did you run ospfd -dvv on the box that is not working? Is there any info in the log? My ospfd's are quite happy at the moment. Few old ones, for non openbsd ones and a few -current ones.

With the ospfd -dvv I finally found the problem.

$ sudo ospfd -dvv
password = secret
warning: macro 'password' not used
startup
orig_rtr_lsa: area 0.0.0.0
orig_rtr_lsa: stub net, interface vlan6
if_fsm: event UP resulted in action START and changing state for interface vlan6 from DOWN to WAIT
orig_asext_lsa: 1ab.cde.fg.240/30 age 0
orig_asext_lsa: 1hi.jkl.mn.196/30 age 0
orig_asext_lsa: 1op.qrs.tuv.112/30 age 0
orig_asext_lsa: 2ab.cde.fgh.32/30 age 0
rde_asext_get: 2ab.cde.fgh.0/29 is net LSA
orig_asext_lsa: 2ab.cde.fgh.16/30 age 0
orig_asext_lsa: 2ab.cde.fg.4/30 age 0
orig_asext_lsa: 2hi.jkl.mno.232/30 age 0
spf_calc: area 0.0.0.0 calculated
recv_packet: packet sent to wrong address 127.0.0.2, interface vlan6 - This is it
recv_packet: packet sent to wrong address 127.0.0.2, interface vlan6
recv_packet: packet sent to wrong address 127.0.0.2, interface vlan6
recv_packet: packet sent to wrong address 127.0.0.2, interface vlan6
recv_packet: packet sent to wrong address 127.0.0.2, interface vlan6
recv_packet: packet sent to wrong address 127.0.0.2, interface vlan6
^Croute decision engine exiting
orig_rtr_lsa: area 0.0.0.0
orig_rtr_lsa: stub net, interface vlan6
if_fsm: event DOWN resulted in action RESET and changing state for interface vlan6 from WAIT to DOWN
ospf engine exiting
kernel routing table decoupled
terminating

$ ifconfig lo
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
        priority: 0
        groups: lo egress
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
        inet 127.0.0.1 netmask 0xff00
        inet 2ab.cde.fgh.226 netmask 0x
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
        description: BLACKHOLE
        priority: 0
        groups: lo
        inet 127.0.0.2 netmask 0x

Thanks,
Insan Praja SW
--
insandotpraja(at)gmaildotcom
Re: OSPFd on Feb 17th 2010 -current Incompatibilities
Hi all,

On Thu, 18 Feb 2010 18:54:04 +0700, Insan Praja SW insan.pr...@gmail.com wrote:

> Hi All,
>
> On Thu, 18 Feb 2010 05:32:43 +0700, Claudio Jeker cje...@diehard.n-r-g.com wrote:
>
>> On Thu, Feb 18, 2010 at 03:03:34AM +0700, Insan Praja SW wrote:
>>> Hi Misc@,
>>> Recently I updated one of my routers into current. We run OSPFd as an IGP for our network. The update went success, but OSPFd won't get synchronized. On the kernel-updated routers ospfctl sh neig shows:
>>>
>>> $ ospfctl sh neig
>>> ID              Pri State        DeadTime Address         Iface     Uptime
>>>
>>> on dec 20 kernel routers shows:
>>>
>>> $ ospfctl sh nei
>>> ID              Pri State        DeadTime Address         Iface     Uptime
>>> 2ab.cde.fgh.229 1   FULL/DR      00:00:31 2ab.cde.fgh.6   vlan6     01w2d21h
>>> 2ab.cde.fgh.226 1   DOWN/OTHER   00:36:21 2ab.cde.fgh.3   vlan6     -
>>> 2ab.cde.fgh.227 1   FULL/BCKUP   00:00:31 2ab.cde.fgh.4   vlan6     01w2d21h
>>> 2ab.cde.fgh.228 1   2-WAY/OTHER  00:00:31 2ab.cde.fgh.5   vlan6     -
>>>
>>> The router-ids are their loopback interfaces. Below are their configs.
>>
>> Did you run ospfd -dvv on the box that is not working? Is there any info in the log? My ospfd's are quite happy at the moment. Few old ones, for non openbsd ones and a few -current ones.
>
> With the ospfd -dvv I finally found the problem.
>
> $ sudo ospfd -dvv
> password = secret
> warning: macro 'password' not used
> startup
> orig_rtr_lsa: area 0.0.0.0
> orig_rtr_lsa: stub net, interface vlan6
> if_fsm: event UP resulted in action START and changing state for interface vlan6 from DOWN to WAIT
> orig_asext_lsa: 1ab.cde.fg.240/30 age 0
> orig_asext_lsa: 1hi.jkl.mn.196/30 age 0
> orig_asext_lsa: 1op.qrs.tuv.112/30 age 0
> orig_asext_lsa: 2ab.cde.fgh.32/30 age 0
> rde_asext_get: 2ab.cde.fgh.0/29 is net LSA
> orig_asext_lsa: 2ab.cde.fgh.16/30 age 0
> orig_asext_lsa: 2ab.cde.fg.4/30 age 0
> orig_asext_lsa: 2hi.jkl.mno.232/30 age 0
> spf_calc: area 0.0.0.0 calculated
> recv_packet: packet sent to wrong address 127.0.0.2, interface vlan6 - This is it
> recv_packet: packet sent to wrong address 127.0.0.2, interface vlan6
> recv_packet: packet sent to wrong address 127.0.0.2, interface vlan6
> recv_packet: packet sent to wrong address 127.0.0.2, interface vlan6
> recv_packet: packet sent to wrong address 127.0.0.2, interface vlan6
> recv_packet: packet sent to wrong address 127.0.0.2, interface vlan6
> ^Croute decision engine exiting
> orig_rtr_lsa: area 0.0.0.0
> orig_rtr_lsa: stub net, interface vlan6
> if_fsm: event DOWN resulted in action RESET and changing state for interface vlan6 from WAIT to DOWN
> ospf engine exiting
> kernel routing table decoupled
> terminating
>
> $ ifconfig lo
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
>         priority: 0
>         groups: lo egress
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
>         inet 127.0.0.1 netmask 0xff00
>         inet 2ab.cde.fgh.226 netmask 0x
> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
>         description: BLACKHOLE
>         priority: 0
>         groups: lo
>         inet 127.0.0.2 netmask 0x
>
> Thanks,
> Insan Praja SW

So I found out that there is a rdr rule in pf.conf which redirects ospf traffic to lo1 (silly me..). I fixed the rule and it stayed on init state.

if_act_elect: interface vlan6 old dr none new dr 2ab.cde.fgh.3, old bdr none new bdr none orig_rtr_lsa: area 0.0.0.0 orig_rtr_lsa: stub net, interface vlan6 orig_rtr_lsa: area 0.0.0.0 orig_rtr_lsa: stub net, interface vlan6 if_fsm: event WAITTIMER resulted in action ELECT and changing state for interface vlan6 from WAIT to DR recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.228 recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.225 recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.228 recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.225 recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.228 recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.225 recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.228 recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.225 recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.228 recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.225 recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.228 recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.225 recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.228 recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.225 recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.228 recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.225 recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.228 recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.225 recv_ls_update: packet ignored in state INIT, neighbor ID 2ab.cde.fgh.228
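
A triage script for the two `ospfd -dvv` symptoms seen in this thread, added here as an example and not part of any poster's message: it counts the `recv_packet: packet sent to wrong address` and `recv_ls_update: packet ignored in state INIT` lines and attaches a hint to each. The function name `triage`, the sample log and its 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Message formats as they appear in the ospfd -dvv output quoted in the thread.
WRONG_DST = re.compile(
    r"recv_packet: packet sent to wrong address ([^,\s]+), interface (\w+)")
IGNORED = re.compile(
    r"recv_ls_update: packet ignored in state (\w+), neighbor ID (\S+)")


def triage(log_text, iface_addrs):
    """Summarise ospfd debug output.

    iface_addrs maps an interface name to its configured IPv4 address.
    Returns a list of finding dicts: wrong-destination findings first,
    then neighbors whose LS updates are being ignored, each by frequency.
    """
    wrong, stuck = Counter(), Counter()
    for line in log_text.splitlines():
        m = WRONG_DST.search(line)
        if m:
            wrong[(m.group(1), m.group(2))] += 1
            continue
        m = IGNORED.search(line)
        if m:
            stuck[(m.group(2), m.group(1))] += 1

    findings = []
    for (dst, iface), count in wrong.most_common():
        try:
            loopback = ipaddress.ip_address(dst).is_loopback
        except ValueError:
            loopback = False  # obfuscated or truncated address in the log
        expected = iface_addrs.get(iface, "the interface address")
        if loopback:
            kind = "rewritten-destination"
            hint = ("destination was rewritten to a loopback address before "
                    "ospfd read the packet; look for rdr/NAT rules that "
                    "match proto ospf")
        else:
            kind = "unexpected-destination"
            hint = ("OSPF packets should arrive for %s, 224.0.0.5 or "
                    "224.0.0.6; check addressing and translation rules"
                    % expected)
        findings.append({"kind": kind, "subject": "%s on %s" % (dst, iface),
                         "count": count, "hint": hint})

    for (neighbor, state), count in stuck.most_common():
        if state == "INIT":
            kind = "neighbor-stuck"
            hint = ("hellos from this neighbor arrive but it does not list "
                    "this router yet; check that our own hellos to "
                    "224.0.0.5 are passed out and reach the segment")
        else:
            kind = "ls-update-ignored"
            hint = "LS update dropped while the neighbor is in state " + state
        findings.append({"kind": kind, "subject": neighbor,
                         "count": count, "hint": hint})
    return findings


# Constructed sample input (documentation addresses, not from the thread).
SAMPLE_LOG = """\
startup
if_fsm: event UP resulted in action START and changing state for interface vlan6 from DOWN to WAIT
recv_packet: packet sent to wrong address 127.0.0.2, interface vlan6 - This is it
recv_packet: packet sent to wrong address 127.0.0.2, interface vlan6
recv_packet: packet sent to wrong address 127.0.0.2, interface vlan6
recv_packet: packet sent to wrong address 192.0.2.77, interface vlan6
recv_ls_update: packet ignored in state INIT, neighbor ID 192.0.2.228
recv_ls_update: packet ignored in state INIT, neighbor ID 192.0.2.225
recv_ls_update: packet ignored in state INIT, neighbor ID 192.0.2.228
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, {"vlan6": "192.0.2.3"}):
        print("%-24s %-22s x%d  %s" % (f["kind"], f["subject"], f["count"], f["hint"]))
```
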
Re: Strange problem | routing issue
On 2010-02-18, Shailesh Tyagi shail...@novanet.net wrote:

> It seems there is a bug in routing with current 4.7 amd64 (build 10 Feb.). I tried i386 and it worked with same configuration and without any issues. Just to make sure I even tried reinstalling the amd64 once again thinking I might have made some mistakes the first time but same results. Following are the dmesgs from both installations.

Although you shouldn't have this type of problem with running amd64 (and after unwrapping your dmesg and diffing them, I see no real differences between your logs from amd64 and i386), is there a particular reason you want to run amd64 on routers rather than i386?

> OpenBSD 4.7-beta (GENERIC.MP) #85: Sun Feb 7 17:06:57 MST 2010

Using the MP kernel adds overheads which you probably won't recoup on a router, particularly if you're just taking defaults from upstream (you'd be more likely to see a difference if e.g. you're doing a lot of route filtering or running a route-reflector).

> As soon as we start traffic bgp server starts behaving strangely. for example if we ping any IP, customer side or towards upstream from the bgpd server, first few seconds we get no route to host and after few seconds it starts getting the response. When we try to ping the same IP again, behavior remain unchanged. which means it can't get the route for few seconds. We have checked

It might be useful to include output from 'route -n monitor' while this is happening. But please, turn off line wrapping in your mail client, it makes your posts very difficult to read.

> xxx.xxx.53.0 link#9 UHLc 01 - 4 vlan101
> xxx.xxx.53.0/30 link#9 UC 20 - 4 vlan101
> xxx.xxx.53.2 link#9 UHRLc 115 - 4 vlan101

This is odd (similar for the other subnets in your output). Why the cloned host entry for 203.153.53.0? Where is the lo0 entry for 203.153.53.1 that hostname.vlan101 suggests should be there? Looking at ifconfig -A output might give a clue.

(btw, you might as well skip obfuscating the addresses/ASN, it just makes it harder to read and doesn't hide anything).
Re: Strange problem | routing issue
No reason, platform supports 64bit and thought performance will be better on it. It's running well on i386.

-----Original Message-----
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Stuart Henderson
Sent: Thursday, February 18, 2010 6:13 PM
To: misc@openbsd.org
Subject: Re: Strange problem | routing issue

On 2010-02-18, Shailesh Tyagi shail...@novanet.net wrote:

> It seems there is a bug in routing with current 4.7 amd64 (build 10 Feb.). I tried i386 and it worked with same configuration and without any issues. Just to make sure I even tried reinstalling the amd64 once again thinking I might have made some mistakes the first time but same results. Following are the dmesgs from both installations.

Although you shouldn't have this type of problem with running amd64 (and after unwrapping your dmesg and diffing them, I see no real differences between your logs from amd64 and i386), is there a particular reason you want to run amd64 on routers rather than i386?

> OpenBSD 4.7-beta (GENERIC.MP) #85: Sun Feb 7 17:06:57 MST 2010

Using the MP kernel adds overheads which you probably won't recoup on a router, particularly if you're just taking defaults from upstream (you'd be more likely to see a difference if e.g. you're doing a lot of route filtering or running a route-reflector).

> As soon as we start traffic bgp server starts behaving strangely. for example if we ping any IP, customer side or towards upstream from the bgpd server, first few seconds we get no route to host and after few seconds it starts getting the response. When we try to ping the same IP again, behavior remain unchanged. which means it can't get the route for few seconds. We have checked

It might be useful to include output from 'route -n monitor' while this is happening. But please, turn off line wrapping in your mail client, it makes your posts very difficult to read.

> xxx.xxx.53.0 link#9 UHLc 01 - 4 vlan101
> xxx.xxx.53.0/30 link#9 UC 20 - 4 vlan101
> xxx.xxx.53.2 link#9 UHRLc 115 - 4 vlan101

This is odd (similar for the other subnets in your output). Why the cloned host entry for 203.153.53.0? Where is the lo0 entry for 203.153.53.1 that hostname.vlan101 suggests should be there? Looking at ifconfig -A output might give a clue.

(btw, you might as well skip obfuscating the addresses/ASN, it just makes it harder to read and doesn't hide anything).
Re: OT: opinions on IDS / IPS solutions
On Wed, 17 Feb 2010 22:59 -0500, Jason Beaudoin jasonbeaud...@gmail.com wrote:

> Hi There,
>
> As I often have greater respect for a much larger portion of this list than the rest of the internet, I am curious what is thought about current IDS/IPS hardware from vendors like Trustwave, Checkpoint, Alert Logic, mod_security, even snort.. etc, and in particular, the sensibility and effectiveness of using them in high-security environments.

I use Snort in IDS mode on OpenBSD and am very satisfied with it. It's hard to justify spending 10's or 100's of thousands of dollars for commercial solutions that have the same issues as Snort (false positives, requires tuning and constant monitoring). I have used large IBM/ISS Proventia systems in the past.

Some of the commercial offerings will not even give you a terminal so you can use tcpdump... can you believe that? You have the perfect spot on the network and the perfect hardware, but you can only use it in a very limited fashion. Very frustrating. General purpose OpenBSD boxes with big beefy network interfaces cost a lot less and do more.

I use FreeBSD to run BASE as the analysis frontend. The OpenBSD Snort sensors ship their alerts to it. I would use OpenBSD for the frontend as well, but BASE is not currently in ports and I have not had time to work on porting it and prefer not to go outside of ports.

Also, I would stay away from IPS mode. There are enough network problems as is without something randomly deciding to drop packets. There's no better way to make a network engineer mad than to send them on a wild goose chase trying to figure out why packets are not getting delivered only to find out that the IPS is dropping them because certain SSL traffic looks like a buffer overflow or something. That has been my experience.

Brad

> From a compliance perspective, I don't have much choice. From the costs, infrastructure, and administrative perspectives, I am currently evaluating whether or not I should be leaning towards an IDS or IPS solution, and of course which system/vendor.
>
> My understanding is that something like snort requires a fair bit of maintenance and IT-attention, the trade-off being cost, so I am leaning away from this. Between detection and prevention, preventing break-ins seems a bit sillier than trying to actively monitor what's going on and to then look for threats, so this pushes me more towards IDS over IPS.
>
> Thoughts, suggestions, flames, are all welcome.
>
> Thanks.
> ~Jason
HIFN 7955 Support in OpenBSD 4.6 on AMD Geode LX800 System
Hi,

I have an AMD Geode LX800 based system (PC Engines ALIX 2C3) and am trying to use a HIFN 7955 (Soekris VPN1411) crypto card to improve OpenSSL performance (for SFTP and OpenVPN). However after installing the HIFN card I don't seem to get any performance gain, and all the crypto still seems to be happening in software.

# fstat /dev/crypto
USER CMD PID FD MOUNT INUM MODE R/W SZ|DV NAME
root sshd 108173 / 79183 crw-rw-rw- rw crypto /dev/crypto
root sshd 288513 / 79183 crw-rw-rw- rw crypto /dev/crypto
root sshd23453 / 79183 crw-rw-rw- rw crypto /dev/crypto
_openvpn openvpn158005 / 79183 crw-rw-rw- rw crypto /dev/crypto

It appears that sshd openvpn are using /dev/crypto, is there a way to tell if this is actually using the HIFN card?

I thought that the system might be using the built in crypto in the AMD Geode CPU instead of the HIFN and have used config -e -o bsd.new /bsd to disable glxsb (glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES) in the kernel, and booted the new kernel config however this makes no difference.

# dmesg
OpenBSD 4.6 (GENERIC) #58: Thu Jul 9 21:24:42 MDT 2009
    dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class) 499 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem = 268009472 (255MB)
avail mem = 250335232 (238MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/10/07, BIOS32 rev. 0 @ 0xfceb2
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0xa800
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x33
AMD Geode LX Crypto rev 0x00 at pci0 dev 1 function 2 not configured
vr0 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 10, address 00:0d:b9:14:eb:48
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
vr1 at pci0 dev 10 function 0 VIA VT6105M RhineIII rev 0x96: irq 11, address 00:0d:b9:14:eb:49
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
vr2 at pci0 dev 11 function 0 VIA VT6105M RhineIII rev 0x96: irq 12, address 00:0d:b9:14:eb:4a
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
hifn0 at pci0 dev 12 function 0 Hifn 7955/7954 rev 0x00: LZS 3DES ARC4 MD5 SHA1 RNG AES PK, 32KB dram, irq 9
glxpcib0 at pci0 dev 15 function 0 AMD CS5536 ISA rev 0x03: rev 0, 32-bit 3579545Hz timer, watchdog, gpio
gpio0 at glxpcib0: 32 pins
pciide0 at pci0 dev 15 function 2 AMD CS5536 IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: CF 4GB
wd0: 1-sector PIO, LBA, 3823MB, 7831152 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 15 function 4 AMD CS5536 USB rev 0x02: irq 15, version 1.0, legacy support
ehci0 at pci0 dev 15 function 5 AMD CS5536 USB rev 0x02: irq 15
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1
biomask e1ef netmask ffef ttymask
mtrr: K6-family MTRR support (2 registers)
nvram: invalid checksum
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
clock: unknown CMOS layout

I am very new to OpenBSD and any help would be appreciated.

Thanks
Liam
Broadcom NetXtreme II BCM5716 1000Base-T being recognized with bnx instead of bge.. is that OK?
Greetings.

I have a R210 DELL with a built in Broadcom NetXtreme II BCM5716 1000Base-T being recognized with bnx instead of bge .. I am having problems starting the network within the OpenBSD 4.6 installer.

I noticed that the manual for bge says:

    The bge driver provides support for various NICs based on the Broadcom BCM570x, 571x

That would include my BCM5716, wouldn't it? Is there a problem if it's getting recognized with the other driver?

Thanks
Andres
Re: Broadcom NetXtreme II BCM5716 1000Base-T being recognized with bnx instead of bge.. is that OK?
Hi,

post your dmesg and pcidump -v. Did you try 4.7 to see if it's repaired?

On Thu, Feb 18, 2010 at 3:11 PM, Andres Salazar ndrsslz...@gmail.com wrote:

> Greetings.
>
> I have a R210 DELL with a built in Broadcom NetXtreme II BCM5716 1000Base-T being recognized with bnx instead of bge .. I am having problems starting the network within the OpenBSD 4.6 installer.
>
> I noticed that the manual for bge says:
>
>     The bge driver provides support for various NICs based on the Broadcom BCM570x, 571x
>
> That would include my BCM5716, wouldn't it? Is there a problem if it's getting recognized with the other driver?
>
> Thanks
> Andres

--
http://www.openbsd.org/lyrics.html
Re: Broadcom NetXtreme II BCM5716 1000Base-T being recognized with bnx instead of bge.. is that OK?
On Thu, Feb 18, 2010 at 08:11:02AM -0600, Andres Salazar wrote:

> Greetings.
>
> I have a R210 DELL with a built in Broadcom NetXtreme II BCM5716 1000Base-T being recognized with bnx instead of bge .. I am having problems starting the network within the OpenBSD 4.6 installer.
>
> I noticed that the manual for bge says:
>
>     The bge driver provides support for various NICs based on the Broadcom BCM570x, 571x
>
> That would include my BCM5716, wouldn't it? Is there a problem if it's getting recognized with the other driver?

No, the BCM5716 is a bnx(4) card (see bnx(4)). Did you try a -current installer?

--
:wq Claudio
Re: OT: opinions on IDS / IPS solutions
On Wed, Feb 17, 2010 at 11:47 PM, mehma sarja mehmasa...@gmail.com wrote:
> Don't bypass Snort because PFSense package makes it so easy to install and configure. A one-click install of Snort and the only thing left to do was register and select what you want it to do.
>
> Mehma

Hi Mehma,

I'm hoping you can expand on this - maybe it is just me, but I'm not quite sure what you're trying to say or communicate.
Re: OT: opinions on IDS / IPS solutions
On Wed, Feb 17, 2010 at 11:28 PM, Johan Beisser j...@caustic.org wrote:
> On Wed, Feb 17, 2010 at 7:59 PM, Jason Beaudoin jasonbeaud...@gmail.com wrote:
>> From a compliance perspective, I don't have much choice. From the costs, infrastructure, and administrative perspectives, I am currently evaluating whether or not I should be leaning towards an IDS or IPS solution, and of course which system/vendor. My understanding is that something like snort requires a fair bit of maintenance and IT-attention, the trade-off being cost, so I am leaning away from this. Between detection and prevention, preventing break-ins seems a bit sillier than trying to actively monitor what's going on and to then look for threats, so this pushes me more towards IDS over IPS.
>
> I agree with you. High rates of false positives, but fairly low rates of false negatives. Once the care and feeding is taken care of (turning off everything and gradually fine tuning to your current traffic helps), they're useful for alerting against unusual traffic leaving your network; not so much against automated attacks coming in the network.
>
> My own deployments are specifically to monitor for odd outbound traffic from my office. It's a rapid way to find out about the latest trojan, worm, or other infection my users have brought in on their laptops.

Indeed, this is why IDS makes more sense to me, and I am glad to see this confirmed/validated by others here. So I guess this is now just a question of setting up snort versus a commercial solution.

> That said, the usefulness of an IDP is specifically preventing most automated and known attacks from passing in to your network. By using one of the commercial systems, you gain support, tuning, and the fact that you don't have to spend as much time with the care and feeding or writing/testing new rulesets against your current version.

This is the difficult place I'm in.. to me, the commercial solution means I have someone else looking at and dealing with all of the false positives, which is something that I won't kid myself on - I don't know if I even have the time to be the fine tuning machine.. then again the cost is just plain silly when compared with a snort/bsd setup.

Are there any good open source alternatives to Snort that are worth considering here?

> As a compliance feature, I've found most administrators put them in place and promptly turn the reporting off due to the high rate of false positives reducing the signal from the noise.
>
> jb

right, which is just silly and a waste of everyone's time.

thanks for sharing..

~Jason
Re: OT: opinions on IDS / IPS solutions
Jason,

I was trying to communicate my very small and limited experience with Snort on a PFSense appliance (FreeBSD + pf). The install and configuration is easy. I cannot speak to on-going maintenance on a big network.

Mehma

===

On Thu, Feb 18, 2010 at 6:30 AM, Jason Beaudoin jasonbeaud...@gmail.com wrote:
> On Wed, Feb 17, 2010 at 11:47 PM, mehma sarja mehmasa...@gmail.com wrote:
>> Don't bypass Snort because PFSense package makes it so easy to install and configure. A one-click install of Snort and the only thing left to do was register and select what you want it to do.
>>
>> Mehma
>
> Hi Mehma,
>
> I'm hoping you can expand on this - maybe it is just me, but I'm not quite sure what you're trying to say or communicate.
Re: OT: opinions on IDS / IPS solutions
On Thu, Feb 18, 2010 at 2:33 AM, Tomas Bodzar tomas.bod...@gmail.com wrote:
> http://www.ranum.com/security/computer_security/editorials/dumb/index.html
>
> especially number 2 is targeted against IDS/IPS, antivirus and similar solutions. I found this link thanks to my colleague and it's really very descriptive.

Great article, and definitely right on.. and it certainly makes me appreciate the openbsd community, as I've picked up on this more true perspective of security having hung around here for long enough that it all rubs off.

Anyway.. thanks Tomas!
Re: OT: opinions on IDS / IPS solutions
Jason Beaudoin wrote:
> On Wed, Feb 17, 2010 at 11:28 PM, Johan Beisser j...@caustic.org wrote:
>> On Wed, Feb 17, 2010 at 7:59 PM, Jason Beaudoin jasonbeaud...@gmail.com wrote:
>>> From a compliance perspective, I don't have much choice. From the costs, infrastructure, and administrative perspectives, I am currently evaluating whether or not I should be leaning towards an IDS or IPS solution, and of course which system/vendor. My understanding is that something like snort requires a fair bit of maintenance and IT-attention, the trade-off being cost, so I am leaning away from this. Between detection and prevention, preventing break-ins seems a bit sillier than trying to actively monitor what's going on and to then look for threats, so this pushes me more towards IDS over IPS.
>>
>> I agree with you. High rates of false positives, but fairly low rates of false negatives. Once the care and feeding is taken care of (turning off everything and gradually fine tuning to your current traffic helps), they're useful for alerting against unusual traffic leaving your network; not so much against automated attacks coming in the network.
>>
>> My own deployments are specifically to monitor for odd outbound traffic from my office. It's a rapid way to find out about the latest trojan, worm, or other infection my users have brought in on their laptops.
>
> Indeed, this is why IDS makes more sense to me, and I am glad to see this confirmed/validated by others here. So I guess this is now just a question of setting up snort versus a commercial solution.
>
>> That said, the usefulness of an IDP is specifically preventing most automated and known attacks from passing in to your network. By using one of the commercial systems, you gain support, tuning, and the fact that you don't have to spend as much time with the care and feeding or writing/testing new rulesets against your current version.
>
> This is the difficult place I'm in.. to me, the commercial solution means I have someone else looking at and dealing with all of the false positives, which is something that I won't kid myself on - I don't know if I even have the time to be the fine tuning machine.. then again the cost is just plain silly when compared with a snort/bsd setup.
>
> Are there any good open source alternatives to Snort that are worth considering here?
>
>> As a compliance feature, I've found most administrators put them in place and promptly turn the reporting off due to the high rate of false positives reducing the signal from the noise.
>>
>> jb
>
> right, which is just silly and a waste of everyone's time.
>
> thanks for sharing..
>
> ~Jason

bro-ids may be an alternative for you to consider. There is a port/package like snort and the maintainer had asked for feedback/tests for the new version 1.5.1 in the lists recently. It has a number of features that I felt complemented Snort's list of features.

--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: (204) 885-9535, E-Mail: vsan...@foretell.ca
Re: OT: opinions on IDS / IPS solutions
On Thu, Feb 18, 2010 at 10:08 AM, Vijay Sankar vsan...@foretell.ca wrote:
> bro-ids

Great suggestion! thank you :)
Re: OT: opinions on IDS / IPS solutions
Allow me to speak from another perspective. It all depends on $$, and the network you have and how much leverage the security team has. Usually, the security team does not have as much leverage and needs to play catch up.

Understand this - no matter which solution you choose, IDS/IPS/opensource/commercial, *someone* has to dedicate time to watching the logs and alerts, or you might as well not do it. When we implemented ours, my IPS guy spent half a year analyzing the traffic, working out with each team on documenting every single traffic pattern. Once that is done, we flipped the switch and turned the monitoring into prevention mode.

And unless you have a huge security team, I'll take every bit of help I can take - I used to be against IPS (preferring IDS instead), but after living with it for 3 years, I'll take IPS to knock off some of the crap.

Just don't get ISS crap. Also, snort is good, but you must know what you're doing. Our snort box, running on an old throw away box, and only capturing/analyzing 10 minutes of every hour, is giving us *MORE* useful data than half a mil worth of ISS crap.

And the commercial version, sourcefire, is even better. My ex-coworkers at another place just had a shoot out of 10G devices, and sourcefire came out heads and shoulders against everyone else.

--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford
learn french: http://www.youtube.com/watch?v=30v_g83VHK4
Re: Installer caching selections across different installations... how?
> I have been installing OpenBSD 4.6 inside a VMWare ESXi 4.0 virtual machine and ran into a strange behavior I can't explain... it seems to cache my installation options between totally unrelated virtual machines.
>
> The process goes like this: I create a new 'Typical' virtual machine, select 'Other' as the guest OS and choose 'Other (32-bit)' in the Version pulldown menu. I accept all default settings (256MB ram, 1 vCPU, 8GB disk, etc) and check the Thin Provisioning disk allocation checkbox. I then associate the cd46.iso file (stored on a datastore) with the virtual cdrom drive and boot off of it to begin the installation process, where I specify a local LAN ftp server to fetch the install media from. The install process goes as expected and the virtual machine is running happily along...
>
> The thing is, when I create a second brand new virtual machine using the process described above and get to the 'select install media' step, it already has my local ftp server's name populated! As far as I can tell, the only thing in common between the two installation processes is the cd46.iso file. This isn't necessarily bad, I just can't explain why it's happening.
>
> Two questions:
> 1) Is anyone else observing this behavior?
> 2) Can anyone explain why it is occurring?

It is entirely intentional, and designed into the install scripts.

For the large majority of people, this is very helpful behaviour. For people using NAT and other IP sharing mechanisms, yes, it can be awkward, but you are (and will remain) in the minority.
Re: Installer caching selections across different installations... how?
> Ah, this definitely makes sense. It is a handy little feature but I am a little surprised the privacy advocates out there in OpenBSD-land didn't cry foul about reporting information back to the mothership like that.

Perhaps they finally learned that we would not care in the least what they cried about.
Re: OT: opinions on IDS / IPS solutions
interesting spot on remarks Just don't get ISS crap. Also, snort is good, but you must know what you're doing. Our snort box, running on an old throw away box, and only capturing/analyzing 10 minutes of every hour, is giving us *MORE* useful data than half a mil worth of ISS crap. Care to elaborate? :) more interesting information Thanks!
MAX_KMAPENT and NKMEMPAGES
Hello Community.

There are 2 parameters that I would want to understand better and trace somehow: MAX_KMAPENT and NKMEMPAGES.

Notice: I have found only one source of such info:
Running and tuning OpenBSD network server in a production environment (Oct 8, 2002)
http://www.openbsd.org/papers/tuning-openbsd.ps
I'll be glad to know about any additional source that I can read to understand it better.

I have rebuilt the kernel with the following values:

    option NKMEMPAGES=32768
    option MAX_KMAPENT=3072

MAX_KMAPENT check:

    # vmstat -s
    6179 kernel map entries

(how can it be more than 3072?)

NKMEMPAGES check:

    # vmstat -m
    Memory resource pool statistics
    Name Size Requests Fail InUse Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
    mbpl 256 189887305 0 1239 49932 467 467 1 384 353
    mcl2k 2048 1414599843 0 521 1857 0 1857 1857 4 3072 1590

People often write that we can find some correlation between these params and NKMEMPAGES. I can't find any correlation here, so any hints are welcome.

Thank you.

--
Vasiliy Kiryanov
Re: Apache Firefox and Ogg Theora (Byte-range requests)
2010/2/18 Pierre-Yves Ritschard p...@spootnik.org
>> This appears to be due to the format of the string being passed to strtonum(). ap_strtol() was tolerant of it. It's being passed the string from the Range: header. For example, the following valid request (taken directly from sniffing a wget session).
>>
>>     GET /testfile HTTP/1.0
>>     Range: bytes=300417024-
>>
>> This ends up following the code path of the first strtonum() call around line 159 in http_protocol.c in the parse_byterange() function. The string passed to strtonum to convert (r->range) not only contains the number from the header, but the trailing dash (300417024-), which strtonum does not like. As strtonum fails, the start offset is set to 0. This bug should be present on a 64-bit arch as well.
>
> Hi,
>
> I broke it when unbreaking support for large files in Content-Length (which would otherwise report 0). I'll have a diff ready soon which fixes that.
>
> - pyr.

I'm glad to hear this :)
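The failure described in this message, as an added C example that is not Apache's code or the diff mentioned in the thread: a strict conversion applied to the whole range spec rejects `300417024-` and falls back to 0, while splitting at the dash first and converting each side strictly accepts it. `strict_num`, `naive_start`, `parse_range_spec` and `struct byte_range` are hypothetical names, and only a single range (the text after `bytes=`) is handled.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct byte_range { long long start, end; };   /* inclusive offsets */

/* Strict conversion in the style of strtonum(3): the whole string must be
 * a decimal number within [minval, maxval]; trailing characters are an
 * error. Hypothetical helper built on strtoll; it also refuses signs and
 * leading whitespace, which have no place in a Range header. */
static int strict_num(const char *s, long long minval, long long maxval,
                      long long *out)
{
    char *end;
    long long v;

    if (*s < '0' || *s > '9')
        return -1;
    errno = 0;
    v = strtoll(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v < minval || v > maxval)
        return -1;
    *out = v;
    return 0;
}

/* Behaviour described in the thread: the spec is converted as a whole and
 * a failed conversion leaves the start offset at 0. */
static long long naive_start(const char *spec)
{
    long long v;

    return strict_num(spec, 0, LLONG_MAX, &v) == 0 ? v : 0;
}

/* Split at the dash, then convert each side strictly. Returns 0 and fills
 * *r on success, -1 if the spec is malformed or cannot be satisfied for a
 * resource of clen bytes. */
static int parse_range_spec(const char *spec, long long clen,
                            struct byte_range *r)
{
    char buf[64];
    char *dash;
    long long a, b;
    size_t n = strlen(spec);

    if (clen <= 0 || n == 0 || n >= sizeof(buf))
        return -1;
    memcpy(buf, spec, n + 1);
    dash = strchr(buf, '-');
    if (dash == NULL)
        return -1;
    *dash++ = '\0';

    if (buf[0] == '\0') {                     /* "-N": the last N bytes */
        if (strict_num(dash, 1, LLONG_MAX, &b) != 0)
            return -1;
        r->start = b >= clen ? 0 : clen - b;
        r->end = clen - 1;
        return 0;
    }
    if (strict_num(buf, 0, clen - 1, &a) != 0) /* start must be in range */
        return -1;
    if (dash[0] == '\0') {                    /* "N-": from N to the end */
        b = clen - 1;
    } else {
        if (strict_num(dash, a, LLONG_MAX, &b) != 0)  /* end >= start */
            return -1;
        if (b > clen - 1)
            b = clen - 1;                     /* clamp to the last byte */
    }
    r->start = a;
    r->end = b;
    return 0;
}

int main(void)
{
    struct byte_range r;
    const char *spec = "300417024-";          /* value from the thread */

    printf("whole-string conversion: start=%lld\n", naive_start(spec));
    if (parse_range_spec(spec, 400000000LL, &r) == 0)  /* constructed size */
        printf("split first: %lld-%lld\n", r.start, r.end);
    return 0;
}
```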
Re: HIFN 7955 Support in OpenBSD 4.6 on AMD Geode LX800 System
On Fri, Feb 19, 2010 at 01:21:18AM +1300, Liam Farr wrote:
| I have a AMD Geode LX800 based system (PC Engines ALIX 2C3) and am trying to
| use a HIFN 7955 (Soekris VPN1411) crypto card to improve OpenSSL performance
| (for SFTP and OpenVPN).
|
| However after installing the HIFN card I don't seem to get any performance
| gain, and all the crypto still seems to be happening in software.
|
| # fstat /dev/crypto
| USER CMD PID FD MOUNTINUM MODE R/WSZ|DV NAME
| root sshd 108173 / 79183 crw-rw-rw- rw crypto /dev/crypto
| root sshd 288513 / 79183 crw-rw-rw- rw crypto /dev/crypto
| root sshd23453 / 79183 crw-rw-rw- rw crypto /dev/crypto
| _openvpn openvpn158005 / 79183 crw-rw-rw- rw crypto /dev/crypto

A quick search of this list's archives or the archives of soekris-t...@lists.soekris.com will likely provide you with an answer.

Essentially, on these lower-power devices, the cost of moving the data to and from the crypto card across the PCI bus negates most performance gains you would achieve trying to offload it.

This, however, is but one possible answer to your problem.

--
Ryan Corder            || ()  ASCII ribbon campaign
ryanc at greengrey.org || /\  against HTML email
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x1CB59D69

[demime 1.01d removed an attachment of type application/pgp-signature]
Re: HIFN 7955 Support in OpenBSD 4.6 on AMD Geode LX800 System
On 2/18/2010 7:21 AM, Liam Farr wrote:
> Hi,
>
> I thought that the system might be using the built in crypto in the AMD Geode CPU instead of the HIFN and have used config -e -o bsd.new /bsd to disable glxsb (glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES) in the kernel, and booted the new kernel config however this makes no difference.

LF:

FreeBSD had a cool utility called cryptotstats that poll()'d usage stats out of the kernel for debugging.

http://www.freebsd.org/cgi/cvsweb.cgi/src/tools/tools/crypto/

It was written by Sam Leffer. I've been meaning to port it over to NetBSD/OpenBSD. LMK and I'll jump in.

~BAS
mod_ldapvhost
Hello

I have a problem with mod_ldapvhost. It won't resolve hosts. I still have DocumentRoot from httpd.conf.

Does it require any additional configuration? I'm sure that the connection between apache and openldap is established properly.

Maybe someone has an example ldif file to test. Unfortunately there is no documentation for mod_ldapvhost.

Thanks for any help,
Bambero
Re: How to change pciide to ahci if there is no option for this in BIOS
Hi, There is no runtime option to enable AHCI support (..although it would be nice). If the BIOS doesn't provide the ability to configure this, your only recourse is to modify the ahci.c driver and force attach on this specific device. Last month I posted a diff for someone else, although it didn't appear to help him. http://marc.info/?t=12647775751r=1w=2 It is possible however that the controller does not support AHCI, and it isn't guaranteed to solve any performance problems. -Bryan.
Re: Current on FuLoong unable to figure out system type
On Thu, 18 Feb 2010, Otto Moerbeek wrote:
> Retry with boot -k tftp://..., as suggested by the error message.
>
> Also PMON sometimes gets confused, and a power cycle is needed (using the reset button is not enough in all cases).

Thanks. I had misinterpreted the message and put the -k as an argument for bsd.rd. Boots bsd.rd fine now.

There are a great many 'spurious interrupt 4' messages during the installation process.

The ext2 boot partition seems to still be needed for booting. I tried to dig out some linux netboot for that but couldn't find anything that supports fuloong yet. Ended up using dd to make the ext2 partition.

It boots bsd current just fine now via the ext2 partition.

/Lars
Re: mod_ldapvhost
On Thu, Feb 18, 2010 at 08:23:08PM +0100, Bambero wrote:
> Hello
>
> I have a problem with mod_ldapvhost. It won't resolve hosts. I still have DocumentRoot from httpd.conf.
>
> Does it require any additional configuration? I'm sure that the connection between apache and openldap is established properly.

You likely need to work out how to get /etc/resolv.conf inside your http chroot. This has been discussed enough on the list that you shouldn't have any trouble figuring out how to shoehorn most anything, up to and including a working Windows7 install, into the chroot environment.

> Maybe someone has an example ldif file to test. Unfortunately there is no documentation for mod_ldapvhost.
>
> Thanks for any help,
> Bambero
Re: How to change pciide to ahci if there is no option for this in BIOS
This system is definitely too old for AHCI to be a chipset option. You could always add in a cheap SATA card with Silicon Image chip, the sili driver supports NCQ... 1-3MB/sec isn't near the max speed of any of your hardware, and you fail to mention what you are doing while iostat is running to show this. What is the problem again? Tomas Bodzar [tomas.bod...@gmail.com] wrote: Hi all, my friend started using of OpenBSD on his server, but he has quite bad perfomance with his disk. Actually it's running under native mode : pciide1 at pci0 dev 31 function 2 Intel 82801EB SATA rev 0x02: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide1: using apic 2 int 18 (irq 9) for native-PCI interrupt and there is no chance to switch it to AHCI. So he will install newer BIOS (there is no info about possible new option for it in release notes). So before additional tests it will be ok if it will be possible to switch to AHCI directly. Is there this option? From man page for pciide I can see that it's possible to set some options for some controllers over config so is it possible for AHCI too? Soft updates aren't enabled and I know that it will have impact on performance so he will enable it. Then it's only on AHCI/native, namei cache and combination of all HW involved. 
ttycd0 wd0 cpu tin tout KB/t t/s MB/s KB/t t/s MB/s us ni sy in id 0 18 0.00 0 0.00 26.55 49 1.27 3 0 3 3 92 0 89 0.00 0 0.00 14.93 214 3.12 13 0 21 14 53 00 0.00 0 0.00 15.54 171 2.60 13 0 11 10 65 00 0.00 0 0.00 15.91 161 2.51 16 0 12 10 62 00 0.00 0 0.00 15.83 168 2.60 17 0 12 8 62 00 0.00 0 0.00 15.87 165 2.56 14 0 14 8 64 0 176 0.00 0 0.00 16.00 199 3.10 14 0 11 11 63 00 0.00 0 0.00 15.84 179 2.77 11 0 14 14 60 00 0.00 0 0.00 15.49 150 2.26 14 0 14 9 62 00 0.00 0 0.00 14.24 130 1.81 13 0 12 5 69 procsmemory pagediskstraps cpu r b wavm fre flt re pi po fr sr cd0 wd0 int sys cs us sy id 0 5 0 19584 414996 508 0 0 0 0 0 0 54 1006 5732 1859 3 5 92 0 5 0 19592 414988 25 0 0 0 0 0 0 116 8059 43686 14876 17 30 53 1 5 0 19592 4149887 0 0 0 0 0 0 0 4384 26122 9199 15 27 57 0 5 0 19592 414956 11 0 0 0 0 0 0 0 4486 26236 9287 17 23 60 1 5 0 19592 414972 34 0 0 0 0 0 0 0 4005 24506 8873 14 16 70 0 5 0 19592 4149887 0 0 0 0 0 0 0 4594 26552 9348 15 21 63 0 5 0 19592 4149487 0 0 0 0 0 0 0 4493 26480 9379 17 23 59 0 5 0 19592 4149487 0 0 0 0 0 0 2 4086 24244 8709 17 19 64 1 5 0 19592 414964 11 0 0 0 0 0 0 0 4096 24023 8595 14 18 67 0 5 0 19592 415012 34 0 0 0 0 0 0 0 4582 26632 9397 19 21 59 OpenBSD 4.7-beta (GENERIC.MP) #409: Sun Feb 7 17:09:00 MST 2010 t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP RTC BIOS diagnostic error 18memory_size,fixed_disk cpu0: Intel(R) Pentium(R) 4 CPU 2.40GHz (GenuineIntel 686-class) 2.40 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR real mem = 534806528 (510MB) avail mem = 509517824 (485MB) RTC BIOS diagnostic error 18memory_size,fixed_disk mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 09/29/04, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 
2.3 @ 0xf0450 (69 entries) bios0: vendor Dell Computer Corporation version A06 date 09/29/2004 bios0: Dell Computer Corporation OptiPlex GX270 acpi0 at bios0: rev 0 acpi0: tables DSDT FACP SSDT APIC BOOT ASF! acpi0: wakeup devices VBTN(S4) PCI0(S3) USB0(S3) USB1(S3) USB2(S3) USB3(S3) PCI1(S5) MOU_(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 199MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Pentium(R) 4 CPU 2.40GHz (GenuineIntel 686-class) 2.40 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 2 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (PCI1) acpicpu0 at acpi0 acpicpu1 at acpi0 acpibtn0 at acpi0: VBTN bios0: ROM list: 0xc/0xa800 0xca800/0x1800! pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82865G Host rev 0x02 vga1 at pci0 dev 2 function 0 Intel 82865G Video rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) intagp0
Re: Current on FuLoong unable to figure out system type
On Thu, Feb 18, 2010 at 09:44:17PM +0200, Lars Nooden wrote:
> On Thu, 18 Feb 2010, Otto Moerbeek wrote:
>> Retry with boot -k tftp://..., as suggested by the error message.
>>
>> Also PMON sometimes gets confused, and a power cycle is needed (using the reset button is not enough in all cases).
>
> Thanks. I had misinterpreted the message and put the -k as an argument for bsd.rd. Boots bsd.rd fine now.
>
> There are a great many 'spurious interrupt 4' messages during the installation process.
>
> The ext2 boot partition seems to still be needed for booting. I tried to dig out some linux netboot for that but couldn't find anything that supports fuloong yet. Ended up using dd to make the ext2 partition.
>
> It boots bsd current just fine now via the ext2 partition.
>
> /Lars

The spurious interrupts will be solved if you update to current.

The last days I spent working on the install procedure. The code I am about to commit is able to create a small ext2 partition or use an existing ext2 one to install the bootloader on. The kernel will then be read from ffs.

-Otto
Re: OT: opinions on IDS / IPS solutions
On Thu, Feb 18, 2010 at 11:48 AM, Laurens Vets laur...@daemon.be wrote:
> interesting spot on remarks
>
>> Just don't get ISS crap. Also, snort is good, but you must know what you're doing. Our snort box, running on an old throw away box, and only capturing/analyzing 10 minutes of every hour, is giving us *MORE* useful data than half a mil worth of ISS crap.
>
> Care to elaborate? :)

Which parts? ISS suck so much that even though IBM spent $$ to acquire them, IBM is now killing the entire product line? What kills me (and *TAKE NOTE - THOSE WHO REPORT TO PHBs*) is that just a few months ago, we read a report on how ISS's IPS took top billing in some magazine or review.

On what we're doing internally, we're capturing data for 10 minutes every hour, and then having the box analyze that data using a variety of tools including snort. It then sends us information on crap such as botnet command/control traffic among other things. Things that we have full packet captures on, that ISS refuses to provide. We also drop it into a graphing tool, so we get nice maps of green/good traffic and red/bad traffic, and you can see that 3 boxes that's talking to all the botnet CC servers, etc.

We're still working on it, and I hope the new(er) servers we are putting in will be able to provide better/more info. Hopefully we'll buy some really beefy servers later in the year so that we can do full analysis.

I'll send a list of the tools we used later, have to ping my guy for it :)

--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford
learn french: http://www.youtube.com/watch?v=30v_g83VHK4
Re: HIFN 7955 Support in OpenBSD 4.6 on AMD Geode LX800 System
On 2/18/2010 12:47 PM, Ryan Corder wrote:
> Essentially, on these lower-power devices, the cost of moving the data to and from the crypto card across the PCI bus negates most performance gains you would achieve trying to offload it.

Right.

Whereas on servers, these devices only offer a benefit if the CPU is saturated and this permits for work offload, allowing the main system to use CPU for other things. Unfortunately, it's often less expensive to buy more cores on production servers than to put an $800 crypto card in.

But if you're doing lots of stuff on your AMD Geode appliance ...you may find it beneficial.

That's why you see crypto card manufacturers getting into things like HSMs and other products now, because the heyday of helping out a Pentium-III server with a Crypto Accelerator is over.

~BAS
Re: mod_ldapvhost
This is not DNS related. Maybe I should write: Apache can't see virtualhosts in LDAP.

On Thu, Feb 18, 2010 at 8:45 PM, Bret S. Lambert bret.lamb...@gmail.com wrote:
> On Thu, Feb 18, 2010 at 08:23:08PM +0100, Bambero wrote:
>> Hello
>>
>> I have a problem with mod_ldapvhost. It won't resolve hosts. I still have DocumentRoot from httpd.conf.
>>
>> Does it require any additional configuration? I'm sure that the connection between apache and openldap is established properly.
>
> You likely need to work out how to get /etc/resolv.conf inside your http chroot. This has been discussed enough on the list that you shouldn't have any trouble figuring out how to shoehorn most anything, up to and including a working Windows7 install, into the chroot environment.
>
>> Maybe someone has an example ldif file to test. Unfortunately there is no documentation for mod_ldapvhost.
>>
>> Thanks for any help,
>> Bambero
Dump levels ?
Hi,

Is it possible to clarify what resides behind the concept of levels regarding dump(8)?

For me the level 0 is understood to be a complete dump of all files at a given mount point and all subdirectories. But I can't figure out what upper levels are.

Regards
Re: Dump levels ?
On Thu, Feb 18, 2010 at 10:54:55PM +0100, Jean-Francois wrote:
> Hi,
>
> Is it possible to clarify what resides behind the concept of levels regarding dump(8)?
>
> For me the level 0 is understood to be a complete dump of all files at a given mount point and all subdirectories. But I can't figure out what upper levels are.
>
> Regards

A level 0 dump includes all files. A level n dump is all the files that have changed or were added since the last level n - 1 dump.

-Otto
Re: Dump levels ?
On Thu, Feb 18, 2010 at 10:54:55PM +0100, Jean-Francois wrote:
> Hi,
>
> Is it possible to clarify what resides behind the concept of levels regarding dump(8)?
>
> For me the level 0 is understood to be a complete dump of all files at a given mount point and all subdirectories. But I can't figure out what upper levels are.
>
> Regards

from dump(8)'s man page:

    -0-9    Dump levels. A level 0, full backup, guarantees the entire file system is copied (but see also the -h option below). A level number above 0, incremental backup, tells dump to copy all files new or modified since the last dump of a lower level. The default level is 0.

So a dump of level 0 is a complete dump, a dump of level 1 is a dump of all files since last dump 0, a dump of level 2 is a dump of all files since last dump of level 1, and so on.

Gilles

--
Gilles Chehade
freelance developer/sysadmin/consultant
http://www.poolp.org
Re: Dump levels ?
On Thursday 18 February 2010 23:02:38, Otto Moerbeek wrote:
> On Thu, Feb 18, 2010 at 10:54:55PM +0100, Jean-Francois wrote:
>> Hi,
>>
>> Is it possible to clarify what resides behind the concept of levels regarding dump(8)?
>>
>> For me the level 0 is understood to be a complete dump of all files at a given mount point and all subdirectories. But I can't figure out what upper levels are.
>>
>> Regards
>
> A level 0 dump includes all files. A level n dump is all the files that have changed or were added since the last level n - 1 dump.
>
> -Otto

My dump level 1 dumps all the files again. How to let it dump based on the lower level?

I did as follows:

    sudo dump -0ua -f /mnt/tera/backup/2010.02.18_www.0 /var/www/htdocs/
    sudo dump -0ua -f /mnt/tera/backup/2010.02.18_www.1 /var/www/htdocs/

Regards
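The level rule quoted from dump(8) in this thread, as an added C model that is not dump's own code: each run measures changes from the most recent recorded dump of a lower level, and level 0 has no lower level to measure from, so every level 0 run copies everything. The struct, the function names, the timestamps and the file times are constructed for illustration, and the record keeping is a simplified stand-in for what the -u flag stores.

```c
#include <stddef.h>
#include <stdio.h>

#define MAXLEVEL 10

/* Simplified per-level record: last_dump[L] is the time of the last
 * level-L dump of one file system, 0 if there has been none. */
struct dump_state { long last_dump[MAXLEVEL]; };

/* Base time for a level-N dump: the newest recorded dump whose level is
 * lower than N. Returns 0 (copy everything) when no such dump exists,
 * which is always the case for level 0. */
static long base_time(const struct dump_state *st, int level)
{
    long base = 0;

    for (int l = 0; l < level; l++)
        if (st->last_dump[l] > base)
            base = st->last_dump[l];
    return base;
}

/* Run one dump at time `now`: count the files modified after the base
 * time, then record the run the way -u would. */
static size_t run_dump(struct dump_state *st, int level, long now,
                       const long *mtimes, size_t nfiles)
{
    long base = base_time(st, level);
    size_t copied = 0;

    for (size_t i = 0; i < nfiles; i++)
        if (mtimes[i] > base)
            copied++;
    st->last_dump[level] = now;
    return copied;
}

/* Constructed scenario: five files, one edit between each pair of runs.
 * out[i] receives the number of files copied by run i. */
static void scenario(size_t out[5])
{
    struct dump_state st = { {0} };
    long mtimes[5] = { 10, 20, 30, 40, 50 };

    out[0] = run_dump(&st, 0, 100, mtimes, 5);  /* full dump */
    mtimes[0] = 150;                            /* file 0 edited */
    out[1] = run_dump(&st, 1, 200, mtimes, 5);  /* since level 0 at 100 */
    mtimes[1] = 250;                            /* file 1 edited */
    out[2] = run_dump(&st, 2, 300, mtimes, 5);  /* since level 1 at 200 */
    mtimes[2] = 350;                            /* file 2 edited */
    out[3] = run_dump(&st, 1, 400, mtimes, 5);  /* since level 0 at 100 */
    out[4] = run_dump(&st, 0, 500, mtimes, 5);  /* level 0 again */
}

int main(void)
{
    static const int levels[5] = { 0, 1, 2, 1, 0 };
    size_t out[5];

    scenario(out);
    for (int i = 0; i < 5; i++)
        printf("run %d: level %d copies %zu of 5 files\n",
               i + 1, levels[i], out[i]);
    return 0;
}
```

The fourth run shows the "lower level" wording at work: a second level 1 dump ignores the level 2 dump in between and goes back to the level 0 base.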
Re: OT: opinions on IDS / IPS solutions
On Thu, Feb 18, 2010 at 2:59 PM, bofh goodb...@gmail.com wrote: On Thu, Feb 18, 2010 at 11:48 AM, Laurens Vets laur...@daemon.be wrote: interesting spot on remarks Just don't get ISS crap. Also, snort is good, but you must know what you're doing. Our snort box, running on an old throw away box, and only capturing/analyzing 10 minutes of every hour, is giving us *MORE* useful data than half a mil worth of ISS crap. Care to elaborate? :) Which parts? ISS suck so much that even though IBM spent $$ to acquire them, IBM is now killing the entire product line? What kills me (and *TAKE NOTE - THOSE WHO REPORT TO PHBs*) is that just a few months ago, we read a report on how ISS's IPS took top billing in some magazine or review. I haven't done my in-depth homework on commercial solutions - we're a small company with a small budget, and have been reviewing various solutions in the 20k / yr range (trustwave, alert logic, tripwire, etc). But a good point has been brought up about overall access and the depth of information available.. I'll have to dig deeper on this. I don't know if this is a big enough issue for us to overcome the major plus (offloading the constant analysis, our team is small). On what we're doing internally, we're capturing data for 10 minutes every hour, and then having the box analyze that data using a variety of tools including snort. It then sends us information on crap such as botnet command/control traffic among other things. Things that we have full packet captures on, that ISS refuses to provide. We also drop it into a graphing tool, so we get nice maps of green/good traffic and red/bad traffic, and you can see that 3 boxes that's talking to all the botnet CC servers, etc. Sounds pretty rockin' - I'm sure it took a while to get that sorted out and up to a usable form. We're still working on it, and I hope the new(er) servers we are putting in will be able to provide better/more info. 
Hopefully we'll buy some really beefy servers later in the year so that we can do full analysis. I'll send a list of the tools we used later, have to ping my guy for it :) That would be fantastic, I am surely interested in some of the details of how you have put this together. Thanks for sharing! ~Jason
Re: Dump levels ?
On Thu, Feb 18, 2010 at 11:21 PM, Jean-Francois jfsimon1...@gmail.com wrote: [snip] My dump level 1 dumps all the files again. How to let it dump based on the lower level ? I did as follows : sudo dump -0ua -f /mnt/tera/backup/2010.02.18_www.0 /var/www/htdocs/ sudo dump -0ua -f /mnt/tera/backup/2010.02.18_www.1 /var/www/htdocs/ You did two level 0 dumps, so what else you expect ?;)
Re: Dump levels ?
On Thu, Feb 18, 2010 at 11:21:02PM +0100, Jean-Francois wrote: On Thursday 18 February 2010 23:02:38, Otto Moerbeek wrote: On Thu, Feb 18, 2010 at 10:54:55PM +0100, Jean-Francois wrote: Hi, Is it possible to clarify what resides behind the concept of levels regarding dump(8) ? For me the level 0 is understood to be a complete dump of all files on at a given mount point and all subdirectories. But I can't figure out what upper levels are. Regards A level 0 dump includes all files. A level n dump is all the files that have changed or were added since the last level n - 1 dump. -Otto My dump level 1 dumps all the files again. How to let it dump based on the lower level ? I did as follows : sudo dump -0ua -f /mnt/tera/backup/2010.02.18_www.0 /var/www/htdocs/ sudo dump -0ua -f /mnt/tera/backup/2010.02.18_www.1 /var/www/htdocs/ You are doing two level 0 dumps. The second invocation should use -1ua Also, note that these dumps are filesystem dumps. A whole filesystem is dumped this way. -Otto Regards
Re: Dump levels ?
On Thursday 18 February 2010 23:43:38, Adriaan wrote: On Thu, Feb 18, 2010 at 11:21 PM, Jean-Francois jfsimon1...@gmail.com wrote: [snip] My dump level 1 dumps all the files again. How to let it dump based on the lower level ? I did as follows : sudo dump -0ua -f /mnt/tera/backup/2010.02.18_www.0 /var/www/htdocs/ sudo dump -0ua -f /mnt/tera/backup/2010.02.18_www.1 /var/www/htdocs/ You did two level 0 dumps, so what else you expect ?;) Mistyped the mail. I proceed in this way and get two times the same dump. Is it normal ? sudo dump -0ua -f /mnt/tera/backup/2010.02.18_www.0 /var/www/htdocs/ sudo dump -1ua -f /mnt/tera/backup/2010.02.18_www.1 /var/www/htdocs/
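The rule quoted from dump(8) in this thread ("copy all files new or modified since the last dump of a lower level"), worked through as an added example that is not code from the thread or from dump itself: a small Python model of how the reference date for a level-n dump is chosen from recorded dumps, including the case where no lower-level dump is on record and everything is copied again. The device names, dates, file names and the three-field record layout are constructed assumptions, and the model looks only at modification times.

```python
"""Model of the dump(8) level rule: copy what changed since the last lower-level dump."""
from datetime import datetime

EPOCH = datetime(1970, 1, 1)        # reference date when no lower-level dump is recorded
DATE_FMT = "%a %b %d %H:%M:%S %Y"   # ctime-style date (assumed record layout)

# Constructed records: device, level, date of the last recorded dump at that level.
SAMPLE_DUMPDATES = """\
/dev/rsd0e 0 Mon Feb  1 02:00:00 2010
/dev/rsd0e 8 Fri Feb 12 02:00:00 2010
/dev/rsd0e 9 Wed Feb 17 02:00:00 2010
/dev/rsd0d 0 Mon Feb  1 03:00:00 2010
"""

# Constructed modification times for files on /dev/rsd0e.
SAMPLE_FILES = {
    "index.html": datetime(2010, 1, 20, 9, 0),
    "news.html": datetime(2010, 2, 10, 9, 0),
    "cart.php": datetime(2010, 2, 15, 9, 0),
    "style.css": datetime(2010, 2, 18, 9, 0),
}


def parse_dumpdates(text):
    """Return {(device, level): datetime}, one record per device and level."""
    records = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        device, level, stamp = line.split(None, 2)
        records[(device, int(level))] = datetime.strptime(stamp.strip(), DATE_FMT)
    return records


def reference_date(records, device, level):
    """Date from which a dump of `device` at `level` counts changes."""
    if not 0 <= level <= 9:
        raise ValueError("dump levels are 0-9")
    # Only records of a strictly lower level on the same device count;
    # an earlier dump at the same level is ignored.
    lower = [when for (dev, lvl), when in records.items()
             if dev == device and lvl < level]
    return max(lower, default=EPOCH)


def select_files(mtimes, since):
    """Names of files modified at or after `since`, sorted."""
    return sorted(name for name, mtime in mtimes.items() if mtime >= since)


def record_dump(records, device, level, when):
    """Model of the -u flag: remember this dump so later levels can refer to it."""
    updated = dict(records)
    updated[(device, level)] = when
    return updated


if __name__ == "__main__":
    recorded = parse_dumpdates(SAMPLE_DUMPDATES)
    for lvl in (0, 1, 8, 9):
        since = reference_date(recorded, "/dev/rsd0e", lvl)
        print(f"level {lvl}: since {since} -> {select_files(SAMPLE_FILES, since)}")
    # No record of any lower-level dump: a level 1 falls back to the epoch.
    since = reference_date({}, "/dev/rsd0e", 1)
    print(f"level 1, nothing recorded: since {since} -> {select_files(SAMPLE_FILES, since)}")
```

In the model a second level 9 still counts from the level 8 record, because only strictly lower levels are consulted.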
Re: HIFN 7955 Support in OpenBSD 4.6 on AMD Geode LX800 System
On 2010-02-18, Liam Farr liamf...@me.com wrote: I have an AMD Geode LX800 based system (PC Engines ALIX 2C3) and am trying to use a HIFN 7955 (Soekris VPN1411) crypto card to improve OpenSSL performance (for SFTP and OpenVPN). You could compare your current results with those after setting sysctl kern.usercrypto=0 - e.g. openssl speed -evp aes128 -elapsed If the accelerator is working for the cipher you're testing, you will most likely see some gains on the larger block sizes, and probably a slow-down on smaller block sizes.
Re: Dump levels ?
Quoting Jean-Francois jfsimon1...@gmail.com: Hi, Is it possible to clarify what resides behind the concept of levels regarding dump(8) ? For me the level 0 is understood to be a complete dump of all files on at a given mount point and all subdirectories. But I can't figure out what upper levels are. Regards Dump levels other than 0 allow you to make partial dumps. I used to do dump level 0's at the start of the month. Then from Monday to Thursday I'd do dump 9's. Each dump would save things from the previous 9 (or 0 the first time). Fridays I'd do a level 8. Thus each M-T I'd save the day's work, Friday I'd save the week's work. Then at the start of the next month a level 0 dump would make a copy of everything. Each dump level going downwards saves all the data from previous (higher) numbered dumps. --STeve Andre'
Re: Split by CUE
This is probably not what you want, but just for the heck of it: you can split MP3 and OGG files by CUE sheet --without re-encoding-- using mp3splt-gtk: http://www.openbsd.org/4.6_packages/i386/mp3splt-gtk-0.5.4p0.tgz-long.html I don't think mp3splt can split WAV files though. This page is heavy on the Linux, but it suggests that shntool and cuetools *may* be able to split WAVs by CUE sheet (I haven't actually tried this): http://aidanjm.wordpress.com/2007/02/15/split-lossless-audio-ape-flac-wv-wav-by-cue-file/ http://www.etree.org/shnutils/shntool/ http://freshmeat.net/projects/cuetools/ However, you'd probably be the first to port shntool and cuetools to OpenBSD. On the plus side, there is an existing port for xmms-shn, a software by the same author as shntool: http://www.etree.org/shnutils/ -- and this *could* indicate that porting at least shntool *may* be easier than expected. regards, --ropers On 16 February 2010 10:50, Stas Miasnikou m...@gurtam.com wrote: What tools do you use to split .wav (.flac, .ape, etc) by CUE sheet?
OT, .. but has anyone seen a crontab editor
that would be useable for basic sysadmin types (maybe something nCurses)? Found one tcl/tk at: http://www.linux-kheops.com/pub/vcron/vcronGB.html but running an X tool would be too complicated for this requirement. TIA, Lee
Re: OT, .. but has anyone seen a crontab editor
What kind of basic unix admin can't deal with % export EDITOR=vi % crontab -e ? On 2/18/10, L. V. Lammert l...@omnitec.net wrote: that would be useable for basic sysadmin types (maybe something nCurses)? Found one tcl/tk at: http://www.linux-kheops.com/pub/vcron/vcronGB.html but running an X tool would be too complicated for this requirement. TIA, Lee -- Sent from my mobile device http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=30v_g83VHK4
Re: Split by CUE
On Thu, Feb 18, 2010 at 18:26, ropers rop...@gmail.com wrote: This is probably not what you want, but just for the heck of it: you can split MP3 and OGG files by CUE sheet --without re-encoding-- using mp3splt-gtk: http://www.openbsd.org/4.6_packages/i386/mp3splt-gtk-0.5.4p0.tgz-long.html I don't think mp3splt can split WAV files though. This page is heavy on the Linux, but it suggests that shntool and cuetools *may* be able to split WAVs by CUE sheet (I haven't actually tried this): http://aidanjm.wordpress.com/2007/02/15/split-lossless-audio-ape-flac-wv-wav-by-cue-file/ http://www.etree.org/shnutils/shntool/ http://freshmeat.net/projects/cuetools/ However, you'd probably be the first to port shntool and cuetools to OpenBSD. On the plus side, there is an existing port for xmms-shn, a software by the same author as shntool: http://www.etree.org/shnutils/ -- and this *could* indicate that porting at least shntool *may* be easier than expected. regards, --ropers On 16 February 2010 10:50, Stas Miasnikou m...@gurtam.com wrote: What tools do you use to split .wav (.flac, .ape, etc) by CUE sheet? When I was investigating abcde for FLAC creation, there was the ability to make CUE files using mkcue, but our version didn't have it in ports. I was able to pull the source using subversion and install mkcue with no issues. I really need to sit down and create a port for it, since it built very quickly. http://code.google.com/p/abcde/source/checkout yea, it's not perfect, but it works.
Re: OT, .. but has anyone seen a crontab editor
On Thu, 18 Feb 2010, bofh wrote: What kind of basic unix admin can't deal with % export EDITOR=vi % crontab -e ? Didn't say they were *unix* admins, .. no way I'd saddle some of these guys with vi, much less setting the cron time parameters correctly. Lee
Re: OT, .. but has anyone seen a crontab editor
On Fri, 19 Feb 2010 01:25:48 -, bofh goodb...@gmail.com wrote: What kind of basic unix admin can't deal with % export EDITOR=vi % crontab -e The kind that I don't want messing with crontab to begin with. -- Using Opera M2: http://www.opera.com/mail/
Re: OT, .. but has anyone seen a crontab editor
On Thu, Feb 18, 2010 at 5:39 PM, Robert Bronsdon reash...@gmail.com wrote: On Fri, 19 Feb 2010 01:25:48 -, bofh goodb...@gmail.com wrote: What kind of basic unix admin can't deal with % export EDITOR=vi % crontab -e The kind that I don't want messing with crontab to begin with. this reminds me of the saying about giving a man a fish vs teaching him how to fish.
Re: OT, .. but has anyone seen a crontab editor
L. V. Lammert wrote: On Thu, 18 Feb 2010, bofh wrote: What kind of basic unix admin can't deal with % export EDITOR=vi % crontab -e ? Didn't say they were *unix* admins, .. no way I'd saddle some of these guys with vi, much less setting the cron time parameters correctly. Lee There is a simple and effective system for this level. Have them write all their cron stuff in their crontab-let pad Set crontab-alarm clock to go off at appropriate times Type in commands from crontab-let pad. Never fails -- A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects. -- Robert Heinlein
Re: mod_ldapvhost
On 02/18/2010 01:45 PM, Bret S. Lambert wrote: This has been discussed enough on the list that you shouldn't have any trouble figuring out how to shoehorn most anything, up to and including a working Windows7 install, into the chroot environment. Oh, is _that_ how they fixed UAC? :^) They are charging $100-plus for an upgrade, and I bet they aren't kicking anything back to the project.
Re: OT, .. but has anyone seen a crontab editor
On Thu, Feb 18, 2010 at 10:00 PM, Chris Bennett ch...@bennettconstruction.biz wrote: There is a simple and effective system for this level. Have them write all their cron stuff in their crontab-let pad Set crontab-alarm clock to go off at appropriate times Type in commands from crontab-let pad. Never fails Heh. I did that at my last place. You want your web pages to go out automagically? OK, develop it, and when you're done, stick it onto this staging server. At 2am each morning, an rsync from staging server to my prod server happens. After that, it rsyncs to each of the prod webservers. Throw in a couple of keys, and a year after I left, it was still working. Except that no one dared touch it, because it just works Even though I documented everything. But, they were click and drool monkeys, so
Re: OT, .. but has anyone seen a crontab editor
On Thu, 18 Feb 2010, patrick keshishian wrote: On Thu, Feb 18, 2010 at 5:39 PM, Robert Bronsdon reash...@gmail.com wrote: The kind that I don't want messing with crontab to begin with. this reminds me of the saying about giving a man a fish vs teaching him how to fish. That would be like trying to teach a Bedouin to fish, .. not going to happen. Lee
Re: OT, .. but has anyone seen a crontab editor
On Thu, Feb 18, 2010 at 11:10 PM, L. V. Lammert l...@omnitec.net wrote: On Thu, 18 Feb 2010, patrick keshishian wrote: this reminds me of the saying about giving a man a fish vs teaching him how to fish. That would be like trying to teach a Bedouin to fish, .. not going to happen. Please, Bedouins can fish, after all, they live near oases which typically have fish :)
Re: How to change pciide to ahci if there is no option for this in BIOS
Ok just small update. Friend enabled Soft Updates and there is quite better speed now. What is the real problem is Dolphin from KDE. In Dolphin he can copy to another place in his LAN only about 3MB/s. With scp in console or terminal under KDE he is able to get about 11MB/s. BTW he tried to copy 2.4GB iso file from his laptop to server and backward. On Thu, Feb 18, 2010 at 8:51 PM, Chris Cappuccio ch...@nmedia.net wrote: This system is definitely too old for AHCI to be a chipset option. You could always add in a cheap SATA card with Silicon Image chip, the sili driver supports NCQ... 1-3MB/sec isn't near the max speed of any of your hardware, and you fail to mention what you are doing while iostat is running to show this. What is the problem again? Tomas Bodzar [tomas.bod...@gmail.com] wrote: Hi all, my friend started using OpenBSD on his server, but he has quite bad performance with his disk. Actually it's running under native mode : pciide1 at pci0 dev 31 function 2 Intel 82801EB SATA rev 0x02: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide1: using apic 2 int 18 (irq 9) for native-PCI interrupt and there is no chance to switch it to AHCI. So he will install newer BIOS (there is no info about possible new option for it in release notes). So before additional tests it will be ok if it will be possible to switch to AHCI directly. Is there this option? From man page for pciide I can see that it's possible to set some options for some controllers over config so is it possible for AHCI too? Soft updates aren't enabled and I know that it will have impact on performance so he will enable it. Then it's only on AHCI/native, namei cache and combination of all HW involved.

      tty            cd0             wd0             cpu
 tin tout  KB/t t/s MB/s   KB/t t/s MB/s  us ni sy in id
   0   18  0.00   0 0.00  26.55  49 1.27   3  0  3  3 92
   0   89  0.00   0 0.00  14.93 214 3.12  13  0 21 14 53
   0    0  0.00   0 0.00  15.54 171 2.60  13  0 11 10 65
   0    0  0.00   0 0.00  15.91 161 2.51  16  0 12 10 62
   0    0  0.00   0 0.00  15.83 168 2.60  17  0 12  8 62
   0    0  0.00   0 0.00  15.87 165 2.56  14  0 14  8 64
   0  176  0.00   0 0.00  16.00 199 3.10  14  0 11 11 63
   0    0  0.00   0 0.00  15.84 179 2.77  11  0 14 14 60
   0    0  0.00   0 0.00  15.49 150 2.26  14  0 14  9 62
   0    0  0.00   0 0.00  14.24 130 1.81  13  0 12  5 69

 procs    memory       page                    disks     traps          cpu
 r b w    avm     fre  flt  re  pi  po  fr  sr cd0 wd0  int   sys    cs us sy id
 0 5 0  19584  414996  508   0   0   0   0   0   0  54 1006  5732  1859  3  5 92
 0 5 0  19592  414988   25   0   0   0   0   0   0 116 8059 43686 14876 17 30 53
 1 5 0  19592  414988    7   0   0   0   0   0   0   0 4384 26122  9199 15 27 57
 0 5 0  19592  414956   11   0   0   0   0   0   0   0 4486 26236  9287 17 23 60
 1 5 0  19592  414972   34   0   0   0   0   0   0   0 4005 24506  8873 14 16 70
 0 5 0  19592  414988    7   0   0   0   0   0   0   0 4594 26552  9348 15 21 63
 0 5 0  19592  414948    7   0   0   0   0   0   0   0 4493 26480  9379 17 23 59
 0 5 0  19592  414948    7   0   0   0   0   0   0   2 4086 24244  8709 17 19 64
 1 5 0  19592  414964   11   0   0   0   0   0   0   0 4096 24023  8595 14 18 67
 0 5 0  19592  415012   34   0   0   0   0   0   0   0 4582 26632  9397 19 21 59

OpenBSD 4.7-beta (GENERIC.MP) #409: Sun Feb  7 17:09:00 MST 2010
    t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
RTC BIOS diagnostic error 18memory_size,fixed_disk
cpu0: Intel(R) Pentium(R) 4 CPU 2.40GHz (GenuineIntel 686-class) 2.40 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
real mem  = 534806528 (510MB)
avail mem = 509517824 (485MB)
RTC BIOS diagnostic error 18memory_size,fixed_disk
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 09/29/04, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.3 @ 0xf0450 (69 entries)
bios0: vendor Dell Computer Corporation version A06 date 09/29/2004
bios0: Dell Computer Corporation OptiPlex GX270
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP SSDT APIC BOOT ASF!
acpi0: wakeup devices VBTN(S4) PCI0(S3) USB0(S3) USB1(S3) USB2(S3) USB3(S3) PCI1(S5) MOU_(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Pentium(R) 4 CPU 2.40GHz (GenuineIntel 686-class) 2.40 GHz
cpu1:
Re: OT, .. but has anyone seen a crontab editor
L. V. Lammert wrote: ... no way I'd saddle some of these guys with vi, much less setting the cron time parameters correctly. Then you are far, far better off not letting them anywhere near the server room if they are that unqualified. Give them some time to learn and a training server, but make sure that the probationary period does not pass. If they're the typical smart-as-a-box of hair Microsoft admin, you're better off getting them back out the door ASAP. If they turn out to be capable of learning then making heavy use of custom formulas in sudoers can give them training wheels on the production server while they get up to speed. /Lars
Re: HIFN 7955 Support in OpenBSD 4.6 on AMD Geode LX800 System
Thanks for all the responses,

With sysctl kern.usercrypto=0

The 'numbers' are in 1000s of bytes per second processed.
type          16 bytes   64 bytes  256 bytes  1024 bytes  8192 bytes
aes-128-cbc   4864.23k   7017.85k   7896.30k    8215.34k    8238.61k
aes-256-cbc   4589.43k   5356.36k   5956.85k    6008.82k    6070.19k

With sysctl kern.usercrypto=1

The 'numbers' are in 1000s of bytes per second processed.
type          16 bytes   64 bytes  256 bytes  1024 bytes  8192 bytes
aes-128-cbc    193.60k    681.73k   2049.24k    6516.71k   12357.51k
aes-256-cbc    188.07k    656.00k   2048.68k    6462.63k   12346.79k

Which is slower on the smaller blocks and faster on the large blocks as you said. What I am really trying to achieve is decent throughput on SFTP file transfers, I have a NAS box connected to NIC vr1 and have mounted that via NFS to /nas, and then connect via SFTP on NIC vr0 and pull files out of /nas, I seem to achieve approx 2 megabytes / sec regardless of whether I have the HIFN chip installed in the mini PCI slot or not, and CPU usage also seems exactly the same.

Top with crypto card removed while SFTP transfer at 2200 KiB/s is running;

load averages: 1.66, 0.60, 0.33    02:21:37
20 processes: 1 running, 18 idle, 1 on processor
CPU states: 69.0% user, 0.0% nice, 17.2% system, 13.9% interrupt, 0.0% idle
Memory: Real: 9872K/46M act/tot Free: 197M Swap: 0K/256M used/tot

  PID USERNAME PRI NICE  SIZE   RES STATE  WAIT    TIME    CPU COMMAND
22278 root      58    0 3480K 2580K run    -       1:28 71.44% sshd
28432 root      -5    0  656K 1128K sleep  getblk  0:09  7.18% sftp-server
  968 _openvpn   2    0 1064K 2616K sleep  poll    0:26  0.00% openvpn
21013 _syslogd   2    0  544K  720K sleep  poll    0:05  0.00% syslogd
 6090 root       2    0 3408K 2552K sleep  select  0:00  0.00% sshd
14650 root       2    0 1008K 1500K sleep  select  0:00  0.00% sendmail
16844 root      18    0  508K  460K idle   pause   0:00  0.00% ksh
 2099 _ntp       2    0  704K  820K idle   poll    0:00  0.00% ntpd
30378 root      28    0  564K 1244K onproc -       0:00  0.00% top
 7669 _pflogd    4    0  472K  312K sleep  bpf     0:00  0.00% pflogd
 6463 root       3    0  564K  424K idle   ttyin   0:00  0.00% ksh
10777 _ntp       2    0  580K  868K idle   poll    0:00  0.00% ntpd
    1 root      10    0  428K  308K idle   wait    0:00  0.00% init
18163 root       2    0  616K  808K idle   select  0:00  0.00% cron
24412 root      18    0  556K  376K idle   pause   0:00  0.00% ksh
 3300 root       2    0  296K  736K idle   select  0:00  0.00% inetd
 4900 root       2    0  508K  676K idle   netio   0:00  0.00% syslogd
 8166 root       2    0  676K 1176K idle   select  0:00  0.00% sshd

Top with crypto card installed while SFTP transfer at 2200 KiB/s running;

load averages: 1.66, 0.55, 0.22    02:27:41
20 processes: 1 running, 18 idle, 1 on processor
CPU states: 67.2% user, 0.0% nice, 16.5% system, 16.1% interrupt, 0.2% idle
Memory: Real: 9652K/47M act/tot Free: 197M Swap: 0K/256M used/tot

  PID USERNAME PRI NICE  SIZE   RES STATE  WAIT    TIME    CPU COMMAND
30075 root      64    0 3472K 2572K run    -       0:33 72.41% sshd
10999 root      -5    0  720K 1068K sleep  pipewr  0:03  7.08% sftp-server
 2199 _openvpn   2    0 1052K 2476K sleep  poll    0:01  0.00% openvpn
29905 _syslogd   2    0  600K  696K sleep  poll    0:00  0.00% syslogd
19752 root       2    0 3368K 2548K sleep  select  0:00  0.00% sshd
10009 root      28    0  560K 1240K onproc -       0:00  0.00% top
21763 _ntp       2    0  664K  832K idle   poll    0:00  0.00% ntpd
22026 root      18    0  568K  436K idle   pause   0:00  0.00% ksh
    1 root      10    0  432K  300K idle   wait    0:00  0.00% init
13567 root       2    0 1036K 1452K sleep  select  0:00  0.00% sendmail
 9852 root      18    0  484K  368K idle   pause   0:00  0.00% ksh
16925 _ntp       2    0  540K  864K sleep  poll    0:00  0.00% ntpd
12897 root       2    0  356K  732K idle   select  0:00  0.00% inetd
 7259 root       3    0  276K  736K idle   ttyin   0:00  0.00% getty
29710 root       2    0  508K  792K idle   select  0:00  0.00% cron
18649 root       2    0  644K 1172K idle   select  0:00  0.00% sshd
22471 _pflogd    4    0  696K  316K sleep  bpf     0:00  0.00% pflogd
30995 root       2    0  580K  664K idle   netio   0:00  0.00% syslogd

I expected that there would be some difference with the card in and out, if sshd was using the crypto shouldn't less CPU time be going to sshd and more to interrupt as its pushing more data onto the PCI bus? Would the PCI bus be a limiting factor here? From what I understand PCI 32-bit/33 MHz has a bus